General

  • Target

    f5ed29c215462bc79bd3e5120b4d054f.elf

  • Size

    128KB

  • Sample

    221203-259geadh23

  • MD5

    f5ed29c215462bc79bd3e5120b4d054f

  • SHA1

    836e2b94031a749dec2ddbf601818b8bbd15901b

  • SHA256

    326f6d4ff26111bb824668b98c44f38dd92a1631b0330da26f017f57a0c09124

  • SHA512

    a99e883195a2ce82162da2e252dce8f70cde47cb981756b26e2599bab4beb8d8bf7ac216c565f778675b341e0c2634402745a4d09ce8eb092d60f897a08b9bd5

  • SSDEEP

    3072:NMHPp2Y34jM82KSHfFBgmKVbwemS9j6RM/9KmywPoIlq:NMHPp2djIKSHfFB3K+PS98M/9KmywPo1

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

CONDI

Targets

    • Target

      f5ed29c215462bc79bd3e5120b4d054f.elf

    • Size

      128KB

    • MD5

      f5ed29c215462bc79bd3e5120b4d054f

    • SHA1

      836e2b94031a749dec2ddbf601818b8bbd15901b

    • SHA256

      326f6d4ff26111bb824668b98c44f38dd92a1631b0330da26f017f57a0c09124

    • SHA512

      a99e883195a2ce82162da2e252dce8f70cde47cb981756b26e2599bab4beb8d8bf7ac216c565f778675b341e0c2634402745a4d09ce8eb092d60f897a08b9bd5

    • SSDEEP

      3072:NMHPp2Y34jM82KSHfFBgmKVbwemS9j6RM/9KmywPoIlq:NMHPp2djIKSHfFB3K+PS98M/9KmywPo1

    Score
    9/10
    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies the Watchdog daemon

      Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

    • Writes file to system bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Hijack Execution Flow

1
T1574

Privilege Escalation

Hijack Execution Flow

1
T1574

Defense Evasion

Impair Defenses

1
T1562

Hijack Execution Flow

1
T1574

Discovery

Network Service Scanning

1
T1046

Tasks